Thursday, October 17, 2013

ORG interviews, the ISC inquiry & Benkler re the Snowden leaks

The Open Rights Group has done a series of interviews about the Snowden leaks with such luminaries as former GCHQ chief David Omand, human rights and freedom of information campaigners Peter Tatchell and Heather Brookes and the former Conservative foreign and defence secretary, Malcolm Rifkind.

Particularly telling is Mr Omand's point that we've got to grow up and have a public debate about the powers of the intelligence services to engage in operational surveillance, what that means in practice and what the boundaries, checks and balances of such powers should be.

Mr Rifkind, comes across as believing in the magic powers of computers, given enough personal data about everyone, to point out the bad guys. It doesn't matter, you see, that the data of the rest of us is in there too; because as long as it's only seen by the computer which grades us as innocents then there is no harm done.

His lack of understanding might not be a problem except for the fact that he is chairman of the parliamentary Intelligence and Security Committee (ISC) charged with overseeing the work of the intelligence services. The ISC is also the committee that has announced it will look into the Snowden leaks. Unfortunately Mr Rifkind is also framing this inquiry as examining

"the appropriate balance between privacy and security in an internet age...

There is a balance to be found between our
individual right to privacy and our collective right to security.

Wrong, wrong, wrong.

It is not about "balancing" privacy and security. They are not opposite sides of the same coin. More privacy does not mean less security any more than more security means less privacy. Door locks and strong fences provide privacy and security. Security gets pitched against privacy in the context of mass surveillance and identity; and the anti-privacy security measures like mass surveillance and identity cards not only don't work but can undermine security. (All the 9/11 attackers had their photo identities checked before boarding their planes.)

If Mr Rifkind does not understand that he should not be chairing such an influential parliamentary committee in this area. If he does understand it he's engaging in manipulative politics, framing the "inquiry" to get pre-ordained "answers".

Even if we did have Mr Rifkind's magic terrorist catching machine and it was 99.9% accurate (no existing
surveillance system comes close to this) it would be still be useless.

Why?

Because even if the machine was watching only the 60 million people in the UK, it
would wrongly accuse roughly 600,000 innocent people of being terrorists every
time it was asked for a suspect. That’s a lot of false leads for the police and
security services to follow whilst the bad buys get lost in the noise.

So even if there were 1000 terrorists (unlikely), our 99.9% accurate
terrorist catching machine would be wrong more than 99.8% of the time (599,000/600,000).

Yet the machine still might miss the terrorist! Because not only will it
wrongly identify innocent people as bad guys, it will also identify real bad
guys as innocents.

Tuning the machine to accuse fewer innocents will make it more likely that
it will miss the bad guys.
Finding a terrorist is a needle in a haystack problem. You don’t find the
needle by throwing more electronic data hay on the stack. It requires targeted, intelligence led surveillance and investigation - targeted intelligence led data preservation not blanket data collection and mass surveillance.

So not only does the Rifkind-approved mass surveillance apparatus not work, it blows a hole in the constitutional, common law, statutory and international protections for privacy.

First, bulk collection saves Americans from foreign terrorists. The problem with
this argument is that all publicly available evidence presented to
Congress, the judiciary, or independent executive branch review suggests
that the effect of bulk collection has been marginal...

The second argument that defenders of mass surveillance offer is that
detailed, complex and faithfully-executed rules for how the information
that is collected will be used are adequate replacements for what the fourth amendment
once quaintly called "probable cause" and a warrant "particularly
describing the place to be searched, and the persons or things to be
seized". The problem with this second argument is that it combines two
fundamentally incompatible elements.

Mass surveillance represents a commitment to near-universal all-seeing gaze, so
as to assess and respond to threats that can arise anywhere, at any
time. Privacy as a check on government power represents a constitutional
judgment that a limited government must have limited power to inspect
our daily lives, and that an omniscient government is too powerful for
mere rules to restrain. The experience of the past decade confirms this
incompatibility...

Technology has enabled government to have investigative and situational
awareness on a scale and scope that were science fiction when the Stasi
shut its doors. The "state of emergency" mindset necessary to justify
the program in the first place drives those charged with assuring the
safety of Americans to always use this technology to its full potential;
it also gives them an independent source of legitimacy for their
actions – the fierce urgency of necessity.
Their mission clashes
with the fundamental premise of privacy as a civil right: that state
power is best contained by making the overwhelming majority of what goes
on in society invisible to the state. As Justice Alito put it in the
supreme court's decision to strike down GPS tracking:

[Historically] the greatest protections of privacy were neither constitutional nor statutory, but practical.

Once
the state knows about behavior, it is hard to rely on rules alone to
bear the full burden of preventing overreach by those who wield its
awesome power...

Rules alone cannot hold back the millions of potential abuses of an omniscient state.

As long as government is allowed to collect all internet data, the perceived
exigency will drive honest civil servants to reach more broadly and
deeply into our networked lives. Bringing an end to mass government
surveillance needs to be a central pillar of returning to the principles
we have put in jeopardy in the early 21st century."

Mr Tatchell and Ms Brookes, as you would expect, are articulate on the need to protect human rights, expose wrong doing on the part of government, protect whistleblowers and wax skeptical about the constant 'trust us it's a matter of national security' refrain on the part of governments.